Remote Code Execution Flaw in Umbraco CMS by Umbraco
CVE-2019-25137

7.2HIGH

Key Information:

Vendor

Umbraco

Vendor
CVE Published:
18 May 2023

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2019-25137?

The vulnerability in Umbraco CMS allows authenticated administrators to execute arbitrary code remotely. This occurs through the improper handling of the msxsl:script in xsltSelection, leading to potential unauthorized access. Administrators using versions 4.11.8 to 7.15.10 need to be cautious and apply the necessary patches to secure their installations.

References

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.